Esempio n. 1
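/**
 * Installs the TPROXY interception rules for the MikroTik integration.
 *
 * Reads the serialized rule list from /etc/squid3/MIKROTIK_FIREWALL.array,
 * removes the previously installed rules through DeleteRules(), then inserts
 * one mangle/TPROXY rule and one nat/ACCEPT rule per entry, creates the
 * DIVERT chain, and finally sets the kernel parameters and loads the modules
 * listed at the end of the function.
 *
 * Every value taken from the rule file is passed through escapeshellarg()
 * before it reaches a shell command line, and entries that lack a usable
 * PORT, SRC_PORT or IPADDR are skipped instead of producing a broken command.
 *
 * @return void
 */
function CreateRules()
{
    $iptables = find_program("iptables");

    // NOTE(review): unserialize() rebuilds whatever object graph the file
    // describes, so this file must only ever be writable by root. A
    // data-only format such as JSON would remove that exposure; confirm who
    // writes the file before changing the format.
    $MIKROTIK_FIREWALL = unserialize(@file_get_contents("/etc/squid3/MIKROTIK_FIREWALL.array"));
    DeleteRules();

    // A missing or corrupt file makes unserialize() return false, and
    // count(false) is 1, so the emptiness test alone would let the function
    // continue and install the DIVERT chain with no per-host rule.
    if (!is_array($MIKROTIK_FIREWALL) || count($MIKROTIK_FIREWALL) == 0) {
        return;
    }

    $suffixTables = "-m comment --comment \"ArticaMikroTik\"";
    $SquidMikrotikMaskerade = intval(@file_get_contents("/etc/artica-postfix/settings/Daemons/SquidMikrotikMaskerade"));

    foreach ($MIKROTIK_FIREWALL as $ARRAY) {
        if (!is_array($ARRAY)) {
            continue;
        }
        $usable = true;
        foreach (array("PORT", "SRC_PORT", "IPADDR") as $key) {
            if (!isset($ARRAY[$key]) || !is_scalar($ARRAY[$key]) || trim((string) $ARRAY[$key]) === "") {
                $usable = false;
                break;
            }
        }
        if (!$usable) {
            continue;
        }

        // Quote each value so shell metacharacters stored in the rule file
        // cannot extend the command line executed below.
        $PORT = escapeshellarg(trim((string) $ARRAY["PORT"]));
        $SRC_PORT = escapeshellarg(trim((string) $ARRAY["SRC_PORT"]));
        $IPADDR = escapeshellarg(trim((string) $ARRAY["IPADDR"]));

        $cmd = "{$iptables} -t mangle -I PREROUTING -p tcp --dport {$SRC_PORT} -j TPROXY --tproxy-mark 0x1/0x1 --on-port {$PORT} {$suffixTables}";
        echo "{$cmd}\n";
        exec("{$cmd} >/dev/null 2>&1");

        $cmd = "{$iptables} -t nat -I PREROUTING -s {$IPADDR} -p tcp --dport {$SRC_PORT} -j ACCEPT {$suffixTables}";
        echo "{$cmd}\n";
        exec("{$cmd} >/dev/null 2>&1");
    }

    $cmd = "{$iptables} -t mangle -N DIVERT {$suffixTables} >/dev/null 2>&1";
    echo "{$cmd}\n";
    system("{$cmd}");

    if ($SquidMikrotikMaskerade == 1) {
        // No source or interface match: this masquerades all traffic that
        // traverses nat/POSTROUTING.
        exec("{$iptables} -t nat -I POSTROUTING -j MASQUERADE {$suffixTables}");
    }

    $cmd = "{$iptables} -t mangle -I PREROUTING -p tcp -m socket -j DIVERT {$suffixTables}";
    echo "{$cmd}\n";
    exec("{$cmd} >/dev/null 2>&1");

    $cmd = "{$iptables} -t mangle -I DIVERT -j ACCEPT {$suffixTables}";
    echo "{$cmd}\n";
    system("{$cmd}");

    $cmd = "{$iptables} -t mangle -I DIVERT -j MARK --set-mark 1 {$suffixTables}";
    echo "{$cmd}\n";
    system("{$cmd}");

    // rp_filter=0 switches off reverse-path filtering, the kernel's check
    // against spoofed source addresses, on every listed interface; the
    // interface names eth0..eth4 are hard-coded. Hosts exposed to untrusted
    // networks need an equivalent anti-spoofing control elsewhere.
    $sysctlSettings = array(
        "net.ipv4.ip_forward=1",
        "net.ipv4.conf.default.send_redirects=0",
        "net.ipv4.conf.all.send_redirects=0",
        "net.ipv4.conf.all.accept_redirects=0",
        "net.ipv4.conf.default.rp_filter=0",
        "net.ipv4.conf.all.rp_filter=0",
        "net.ipv4.conf.eth0.rp_filter=0",
        "net.ipv4.conf.eth1.rp_filter=0",
        "net.ipv4.conf.eth2.rp_filter=0",
        "net.ipv4.conf.eth3.rp_filter=0",
        "net.ipv4.conf.eth4.rp_filter=0",
    );
    foreach ($sysctlSettings as $setting) {
        shell_exec("/sbin/sysctl -w {$setting} >/dev/null 2>&1");
    }

    $kernelModules = array(
        "ip_tables",
        "nf_conntrack_ipv4",
        "xt_tcpudp",
        "nf_tproxy_core",
        "xt_MARK2",
        "xt_TPROXY2",
        "xt_socket2",
    );
    foreach ($kernelModules as $module) {
        shell_exec("modprobe {$module} >/dev/null 2>&1");
    }
}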
Esempio n. 2
/**
 * Single-instance entry point: refuses to start while the PID recorded in the
 * pid file still belongs to this script, otherwise records the current PID,
 * removes the existing rules, calls xstart(true) and runs
 * /bin/suricata-fw.sh.
 *
 * @return void
 */
function xrun()
{
    $unix = new unix();
    $scriptName = basename(__FILE__);
    $pidfile = "/etc/artica-postfix/pids/" . $scriptName . "." . __FUNCTION__ . ".pid";

    // Values below 100 (including an unreadable file) are treated as
    // "no previous instance".
    $pid = @file_get_contents($pidfile);
    $pid = $pid < 100 ? null : $pid;

    $alreadyRunning = $unix->process_exists($pid, basename(__FILE__));
    if ($alreadyRunning) {
        echo "PID: {$pid} Already exists....\n";
        exit;
    }

    // NOTE(review): the check above and this write are not atomic, so two
    // instances started at the same moment can both get past the guard.
    @file_put_contents($pidfile, getmypid());

    DeleteRules();
    xstart(true);
    shell_exec("/bin/suricata-fw.sh");
}
Esempio n. 3
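/**
 * Generates /bin/artica-secure-gateway.sh from the enabled rows of the
 * `gateway_secure` table.
 *
 * The previous rules are removed through DeleteRules(). When the
 * EnableSecureGateway setting is 0 the script file is deleted and nothing
 * else happens. Otherwise the script receives two FORWARD REJECT rules
 * (tcp and udp), an ICMP RELATED accept rule, one ACCEPT rule per enabled
 * database row and one tcp ACCEPT rule per network reported by
 * networkscanner.
 *
 * Values read from the database and from the network list are shell-quoted
 * before they are written, because the resulting file is an executable
 * shell script. Rows with an unknown protocol index or an empty port are
 * skipped rather than written as malformed commands.
 *
 * @return void
 */
function CreateRules()
{
    $unix = new unix();
    $q = new mysql();
    $iptables = $unix->find_program("iptables");
    $sql = "SELECT *  FROM `gateway_secure` WHERE enabled=1";
    $results = $q->QUERY_SQL($sql, "artica_backup");
    if (!$q->ok) {
        return;
    }
    DeleteRules();
    $suffixTables = "-m comment --comment \"ArticaSecureGateway\"";
    $EnableSecureGateway = intval(@file_get_contents("/etc/artica-postfix/settings/Daemons/EnableSecureGateway"));
    if ($EnableSecureGateway == 0) {
        @unlink("/bin/artica-secure-gateway.sh");
        return;
    }

    $PROTO = array(0 => "tcp", 1 => "udp");

    // Every rule uses -I, which inserts at the head of the chain, so the
    // ACCEPT lines appended further down end up above these two REJECT
    // rules once the script has run from top to bottom.
    $SH = array();
    $SH[] = "#!/bin/sh";
    $SH[] = "{$iptables} -I FORWARD -p tcp -m tcp {$suffixTables} -j REJECT";
    $SH[] = "{$iptables} -I FORWARD -p udp -m udp {$suffixTables} -j REJECT";
    $SH[] = "{$iptables} -I FORWARD -p icmp -m conntrack --ctstate RELATED -j ACCEPT";

    while ($ligne = mysql_fetch_assoc($results)) {
        $protoIndex = $ligne["dproto"];
        if (!isset($PROTO[$protoIndex])) {
            // Unknown protocol index: the rule would have an empty -p/-m.
            continue;
        }
        $dport = trim((string) $ligne["dport"]);
        if ($dport === "") {
            continue;
        }
        $xPROTO = $PROTO[$protoIndex];
        // The port comes from the database and lands in a shell script run
        // with the privileges of whoever executes it; quote it.
        $dport = escapeshellarg($dport);
        $SH[] = "{$iptables} -I FORWARD -p {$xPROTO} -m {$xPROTO} --dport {$dport} {$suffixTables} -j ACCEPT >/dev/null 2>&1";
    }

    $net = new networkscanner();
    if (is_array($net->networklist)) {
        foreach ($net->networklist as $maks) {
            $maks = trim((string) $maks);
            if ($maks == null) {
                continue;
            }
            $maks = escapeshellarg($maks);
            $SH[] = "{$iptables} -I FORWARD -p tcp -m tcp -d {$maks} {$suffixTables} -j ACCEPT";
        }
    }

    $SH[] = "";
    @file_put_contents("/bin/artica-secure-gateway.sh", @implode("\n", $SH));
    @chmod("/bin/artica-secure-gateway.sh", 0755);
}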
Esempio n. 4
/**
 * Applies or withdraws the "SquidEnforceRules" configuration.
 *
 * With the setting at 1 the web service is built, the rules are rebuilt, the
 * old rules are deleted, the proxy is reconfigured when IsClientInProxy()
 * reports false, and the web service, proxy plugins and artica-status are
 * reloaded or restarted. With any other value only the web service is
 * stopped and artica-status restarted. Progress is reported through
 * build_progress() at every step.
 *
 * @return void
 */
function reconfigure()
{
    $unix = new unix();
    $sock = new sockets();
    $enforceRules = intval($sock->GET_INFO("SquidEnforceRules"));
    $php = $unix->LOCATE_PHP5_BIN();

    // Disabled: stop the web service and leave.
    if ($enforceRules != 1) {
        build_progress("{stopping_web_service}", 50);
        system("{$php} /usr/share/artica-postfix/exec.HyperCacheWeb.php --stop");
        build_progress("{please_wait_restarting_artica_status}", 90);
        system("/etc/init.d/artica-status restart");
        build_progress("{done}", 100);
        return;
    }

    build_progress("{building_service}", 10);
    system("{$php} /usr/share/artica-postfix/exec.initslapd.php --hypercache-web");

    build_progress("{building_rules}", 20);
    buildRules();

    build_progress("{removing_old_rules}", 20);
    DeleteRules();

    build_progress("{checking_proxy_service}", 30);
    $clientRegistered = IsClientInProxy();
    if (!$clientRegistered) {
        build_progress("{reconfiguring_proxy_service}", 30);
        $sock->SET_INFO("UfdbUseArticaClient", 1);
        system("{$php} /usr/share/artica-postfix/exec.squid.php --build --force");
    }

    build_progress("{reloading_web_service}", 50);
    system("{$php} /usr/share/artica-postfix/exec.HyperCacheWeb.php --reload");

    build_progress("{reloading_proxy_plugins}", 80);
    system("{$php} /usr/share/artica-postfix/exec.ufdbclient.reload.php");

    build_progress("{please_wait_restarting_artica_status}", 90);
    system("/etc/init.d/artica-status restart");

    build_progress("{done}", 100);
}
Esempio n. 5
require_once "./_logic.php";
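// Request handler for the rule management page: creates or deletes rules
// according to the posted "action", then loads the data used further down.
//
// NOTE(review): no authentication or CSRF check is visible in this part of
// the file; confirm that _logic.php enforces both before these
// state-changing actions run. Every value below comes straight from the
// request, so CreateRules() and DeleteRules() must treat their arguments as
// untrusted.

// Reads a POST field as a string; a missing or non-scalar field yields "".
$postString = function ($name) {
    return isset($_POST[$name]) && is_scalar($_POST[$name]) ? (string) $_POST[$name] : "";
};
// Reads a POST field unchanged; a missing field yields null.
$postRaw = function ($name) {
    return isset($_POST[$name]) ? $_POST[$name] : null;
};

switch ($postString("action")) {
    case "create":
        $startDate = $postString("create_start_date");
        $endDate = $postString("create_end_date");
        $startTime = $postString("create_start_hour") . ":" . $postString("create_start_minute") . ":00";
        $endTime = $postString("create_end_hour") . ":" . $postString("create_end_minute") . ":00";

        // implode() takes the separator first; the reversed order is no
        // longer accepted by current PHP versions. A non-array field
        // becomes an empty day list.
        $days = $postRaw("create_days");
        $dayList = implode(",", is_array($days) ? $days : array());

        // The @ hides every warning raised inside CreateRules(); failures
        // are only visible through the returned value.
        $newRuleIDs = @CreateRules($postRaw("create_lots"), $postRaw("create_passes"), $startDate, $endDate, $startTime, $endTime, $dayList);

        // count() is only defined for arrays, so a null result is reported
        // as 0 instead of raising an error.
        $createdCount = is_array($newRuleIDs) ? count($newRuleIDs) : 0;
        if ($newRuleIDs != null) {
            ui_info("Rules Created: <strong>" . $createdCount . "</strong>");
        } else {
            ui_alert("Rules Created: <strong>" . $createdCount . "</strong>");
        }
        break;
    case "delete":
        $results = @DeleteRules($postRaw("delete_rules"));
        if ($results > 0) {
            // Cast before concatenating into markup so that only a number
            // can reach the page.
            ui_info("Rules Deleted: <strong>" . (int) $results . "</strong>");
        } else {
            ui_alert("No Rules Deleted.");
        }
        break;
    default:
        break;
}
$passes = GetPassTypes("name");
$all_lots = GetLots();
$lots = GetRulesByLot();
// The validation plugin below is requested over HTTPS so that it cannot be
// modified in transit; an integrity attribute would additionally pin its
// content.
?>

<script type="text/javascript" src="https://ajax.aspnetcdn.com/ajax/jquery.validate/1.8/jquery.validate.min.js"></script>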